libdigidocpp
EstEIDSigner.cpp
1 /*
2  * libdigidocpp
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17  *
18  */
19 
20 #include "EstEIDSigner.h"
21 
22 #include "../Digest.h"
23 #include "../cert/X509Cert.h"
24 #include "../../Conf.h"
25 #include "../../log.h"
26 
27 #include <algorithm>
28 #include <string.h>
29 
/**
 * Builds the signer by forwarding `driver` unchanged to the PKCS11Signer
 * base-class constructor; no further state is initialised here.
 *
 * @param driver value handed to PKCS11Signer (presumably the PKCS#11 module
 *        to load; confirm against PKCS11Signer).
 * @throws SignException as declared by the exception specification; any such
 *         exception would originate in the base-class constructor.
 *
 * NOTE(review): if PKCS11Signer loads `driver` as a shared library, the value
 * must come from trusted configuration and never from user-controlled input.
 */
digidoc::EstEIDSigner::EstEIDSigner(const std::string& driver) throw(SignException)
    : PKCS11Signer(driver)
{}
41 
46 {
47 }
48 
58  const std::vector<PKCS11Signer::PKCS11Cert> &certificates) const throw(SignException)
{
    // An empty list and a list without a suitable certificate are reported
    // with the same message.
    if (certificates.empty())
        THROW_SIGNEXCEPTION("Could not find certificate.");

    typedef std::vector<PKCS11Signer::PKCS11Cert>::const_iterator CertIterator;
    for (CertIterator candidate = certificates.begin(); candidate != certificates.end(); ++candidate)
    {
        // The first certificate whose key usage contains NonRepudiation wins.
        // NOTE(review): selection is by key usage only; validity period and
        // chain checks are not done here. Confirm they happen before signing.
        const std::vector<digidoc::X509Cert::KeyUsage> keyUsages = candidate->cert.getKeyUsage();
        const bool allowsSigning =
            std::find(keyUsages.begin(), keyUsages.end(), digidoc::X509Cert::NonRepudiation) != keyUsages.end();
        if (allowsSigning)
            return *candidate;
    }

    THROW_SIGNEXCEPTION("Could not find certificate.");
    // Unreachable if THROW_SIGNEXCEPTION always throws; presumably kept so
    // that every path of a value-returning function has a return statement.
    return PKCS11Signer::PKCS11Cert();
}
71 
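{
    // Digest NID that corresponds to the configured signature URI.
    const int result = digidoc::Digest::toMethod( Conf::getInstance()->getSignatureUri() );

    // A configured SHA-1 is returned unchanged, without looking at the card.
    // NOTE(review): SHA-1 is no longer collision-resistant; confirm that
    // deployments do not configure a SHA-1 signature URI.
    if( result == NID_sha1 )
        return result;

    // Certificates carrying one of these policy OID prefixes keep the
    // configured digest regardless of key size.
    //
    // Fix: the original called std::string::find(prefix, 22). The second
    // argument of that overload is the START POSITION, not a length, so the
    // result could never be 0 and the policy check never matched. compare()
    // performs the intended 22-character prefix comparison.
    // NOTE(review): with the check now effective, matching cards no longer
    // fall back to SHA-224; verify those cards accept the configured digest.
    const std::vector<std::string> pol = digidoc::X509Cert( getCert() ).getCertificatePolicies();
    for( std::vector<std::string>::const_iterator i = pol.begin(); i != pol.end(); ++i )
    {
        if( i->compare(0, 22, "1.3.6.1.4.1.10015.1.2.") == 0 ||
            i->compare(0, 22, "1.3.6.1.4.1.10015.3.2.") == 0 )
            return result;
    }

    // No matching policy: keep the configured digest only when the padding
    // size exceeds 128 (presumably bytes, i.e. keys larger than 1024 bits;
    // TODO confirm), otherwise fall back to SHA-224.
    return X509Cert(getCert()).getPaddingSize() > 128 ? result : NID_sha224;
}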